diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..2f00d7e
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,52 @@
+name: Docker
+
+on:
+ schedule:
+ - cron: '0 0 * * 1'
+ push:
+ branches: [ master ]
+ # Publish semver tags as releases.
+ tags: [ 'v*.*.*' ]
+ pull_request:
+ branches: [ master ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b57d0de
--- /dev/null
+++ b/Dockerfile
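Review bot: In `.github/workflows/docker-publish.yml`, the `Checkout repository` step uses `actions/checkout@v2`, a mutable tag, while the three `docker/*` actions in the same job are pinned to full commit SHAs. Because this job holds `packages: write` and pushes the published image, the checkout action should be pinned the same way, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder; take the SHA from the release you have reviewed). Adding `persist-credentials: false` under that step's `with:` would also keep the token out of the checked-out `.git/config`, since no later step visible here needs git credentials.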
@@ -0,0 +1,17 @@
+FROM debian:10-slim
+LABEL maintainer="IT Services "
+RUN apt-get update
+RUN apt-get install -y -q apache2 subversion libapache2-mod-svn libsvn-dev python python3 python-pip python3-pip
+RUN pip install requests
+
+EXPOSE 80
+
+WORKDIR /etc/apache2/sites-available/
+COPY subversion.conf .
+
+RUN a2dissite 000-default.conf \
+ && a2enmod authnz_ldap \
+ && a2ensite subversion.conf
+
+VOLUME [ "/repositories" ]
+CMD ["/usr/sbin/apachectl", "-D", "FOREGROUND"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2c891be
--- /dev/null
+++ b/README.md
@@ -0,0 +1,24 @@
+# subversion-ldap
+This is the automated docker image generation for svn with LDAP support
+
+## Example docker start:
+```bash
+docker run -d -p 80:80 -v --name=svn --restart=always -v /path/to/svn/repositories:/repositories --env SVN_LDAP_URL="ldaps://ipa01.example.com:636/" --env SVN_LDAP_BIND_DN="DomainName" --env SVN_LDAP_BIND_PW="Password" --env SVN_LDAP_ALLOWED_GROUP_DN="cn=Administrators" ghcr.io/totemarts/subversion-ldap
+```
+
+## Example docker-compose
+```yaml
+version: "3.8"
+services:
+ svn:
+ image: ghcr.io/totemarts/subversion-ldap
+ ports:
+ - 80:80
+ environment:
+ SVN_LDAP_URL: "ldaps://ipa01.example.com:636/"
+ SVN_LDAP_BIND_DN: "DomainName"
+ SVN_LDAP_BIND_PW: "Password"
+ SVN_LDAP_ALLOWED_GROUP_DN: "cn=Administrators"
+ volumes:
+ - /path/to/svn/repositories:/repositories
+```
diff --git a/subversion.conf b/subversion.conf
new file mode 100644
index 0000000..5880ad2
--- /dev/null
+++ b/subversion.conf
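Review bot: In the `Dockerfile` hunk, `RUN apt-get update` sits in its own layer ahead of `RUN apt-get install …`, so a cached update layer can be reused with a stale package index and the install may then pull outdated, unpatched packages or fail outright. Run both in one instruction and drop the lists afterwards: `RUN apt-get update && apt-get install -y -q <same packages> && rm -rf /var/lib/apt/lists/*`. `RUN pip install requests` is unpinned and, with `python-pip` installed, presumably resolves to the Python 2 pip, so each scheduled rebuild can ship a different version; `pip install requests==<version>` (placeholder) makes the image reproducible. If nothing in the image needs Python 2, dropping `python` and `python-pip` reduces what has to be patched.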
@@ -0,0 +1,26 @@
+
+
+ LimitXMLRequestBody 0
+ LimitRequestBody 0
+
+ DAV svn
+ SVNParentPath /repositories
+ SVNListParentPath On
+
+ AuthName "Totem Arts Assets"
+
+ AuthType Basic
+ AuthzBasicProvider ldap
+
+ AuthzLDAPAuthoritative On
+ AuthLDAPURL ${SVN_LDAP_URL}
+ AuthLDAPBindDN ${SVN_LDAP_BIND_DN}
+ AuthLDAPBindPassword ${SVN_LDAP_BIND_PW}
+
+ Require ldap-group ${SVN_LDAP_ALLOWED_GROUP_DN}
+
+ SSLRequireSSL
+ SetOutputFilter DEFLATE
+ SetInputFilter DEFLATE
+
+
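Review bot: The `subversion.conf` hunk combines `AuthType Basic` backed by LDAP with `SSLRequireSSL`, but the Dockerfile in this commit only exposes port 80 and enables `authnz_ldap`, never `ssl`, so as far as these files show there is no TLS listener. Either directory passwords cross the network unencrypted, or, if the directive loads at all without mod_ssl, every request is refused. Terminate TLS in the container (`a2enmod ssl` plus a 443 vhost with certificates), or document that a TLS-terminating proxy is required and adjust `SSLRequireSSL` accordingly. Two directive names also look wrong for the Apache 2.4 that Debian 10 ships: `AuthzBasicProvider ldap` should be `AuthBasicProvider ldap`, and `AuthzLDAPAuthoritative` is a 2.2-era directive that 2.4 no longer accepts. The enclosing container tags of this file did not survive extraction, so the scope these directives apply to cannot be confirmed from here.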